Bump bandit version

This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to
avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393

Change-Id: I0570c916cffc08bcbaebb385a9cc4a4c7038b215
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>

2 files changed, 8 insertions, 4 deletions

diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index 83e4c0c..2b19a66 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -956,16 +956,20 @@ class Enforcer(object):
                 # If the rule doesn't exist, fail closed
                 result = False
             else:
+                # NOTE(moguimar): suppressing [B105:hardcoded_password_string]
+                #                 as token_scope is not actually a hardcoded
+                #                 token.
+
                 # Check the scope of the operation against the possible scope
                 # attributes provided in `creds`.
                 if creds.get('system'):
-                    token_scope = 'system'
+                    token_scope = 'system'  # nosec
                 elif creds.get('domain_id'):
-                    token_scope = 'domain'
+                    token_scope = 'domain'  # nosec
                 else:
                     # If the token isn't system-scoped or domain-scoped then
                     # we're dealing with a project-scoped token.
-                    token_scope = 'project'
+                    token_scope = 'project'  # nosec
 
                 registered_rule = self.registered_rules.get(rule)
                 if registered_rule and registered_rule.scope_types:
diff --git a/test-requirements.txt b/test-requirements.txt
index 29e6739..3c503c3 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -11,4 +11,4 @@ oslo.context>=2.22.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 
 # Bandit security code scanner
-bandit>=1.1.0,<1.6.0 # Apache-2.0
+bandit>=1.6.0,<1.7.0 # Apache-2.0